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(54) Apparatus for data copyright management system 



(57) A data copyright manag&nent apparatus is 
used with a user terminal and comprises a CPU, a CPU 
bus. ROM. EEPROM. and RMA, 

The CPU, ROM, EPROM. and l=^AM are connected 
to the CPU bus, and a s^em bus of a device which uti- 
lizes the data can be connected to the CPU bus. A data 
copyright management system prograra arypt algo- 
rithm, and user infbmnation are stored in the ROM, and 
a second private-key, a permit key, a second secret-key, 
and copyright information are stored in the EEPROM. A 
first public-key, a first private-key, a second public-key. 
and a first secret-key are transmttt^ to the RAM during 
the operation. The data copyright management appara- 
tus may be configured in the form of a monolithic or 
hybrid IC. a thin IC card, PC card, and Insertion board 
which have a unique terminal. If a copyright manage- 
ment program is supplied from the external, the it \s 
stored in the EEPROM, otherwise it is stored in tfie ROM. 

In addition to a microprocessor of user terminal 
which decrypts encrypted data for displaying and 
processing and re-encrypts the decrypted data for stor- 
ing, copying, or transferring, at least one microprocessor, 
desirably two microprocessors, are added for decrypting 
and re-encrypting data which \& encrypted and supplied. 
The microprocessors to be added may be connected to 
a system Isus of the microprocessor of the user terminal. 
It is desirable that a multiprocessor configuration is 
inplemented by using a SCSI bus, PCI bus, or SCI bus. 
Apparatus lor decryption and re-enayption may be con- 
figured separately or as a unit Device which is used to 
input and output encrypted data may be connected 
directly to the apparatus for decryption and re-encryp- 
tion. The data copyright management apparatus may be 
implemented in the form of a monolithic IC, a hybrid IC, 
or a built-in subboard, and the apparatus in these forms 



is incorporated in a computer, television set set-top box, 
c£gital video tape recorder, digital video disk recorder, 
digital audio tape apparatus, or personal digital assist- 
' ants, and the like. 
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Desciipiion 

Retd of the Invention 

The present invention relates to an apparatus for dis- s 
playing, storing, copying, editing or transmitting digital 
data in using data, and intends to protectdigital data cop- 
yrights. 

Background of the Invention io 

In informatton-orient^ society of today, a database 
system has been spread In which various data values 
having independently been stored In each computer so 
tar are mutually used by connecting conputers by com- is 
munlcation lines. 

The information having been handled by the data- 
base system is classical type coded information whic^ 
can be processed by a conrputer and has a snrtall amount 
of information or monochrome binary data like facsimile 20 
data at most Therefore, the database system has not 
been able to handle data with an extremely large amount 
of infbrnration such as a natural picture and a motion pic- 
tura 

However, while the digital processing technique for 2S 
various electric signals develops, development of the 
digital processing art for a picture signal other than 
binary data having been handled only as an analog sig- 
nal is progressed. 

By digitizing the above picture signal, a picture sig- 3o 
nal such as a television signal can be handle by a com- 
puter. Therefore, a "multimedia system" for handling 
various data handled by a computer and picture data 
obtained by digitizing a picture signal at the same time 
is noticed as a future technique. 35 

Because picture data includes an overwhelmingly 
large amount of information compared to character data 
and audio data, it is difficult to directly store or transmit 
the picture data or apply various processings to the pic- 
ture data by a computer. 4o 

Therefore, it has been consider^ to conpress or 
expand the picture data arKi several standards for com- 
pressing or expanding picture ctata have been prepared. 
Among those standards, the following standards Mve 
been prepared so far as common standards: J PEQ (Joint 4S 
Photographic inr»ge coding Experts Group] standard for 
a still picture, H.261 standard for a video conference 
MPEQ1 (Moving Picture image coding Experts Group 1} 
standard for storing pictures, and MPEG2 corresponding 
to tiie present telecast and tire high-definition tel ecast so 

Real-time processing of digital picture data has been 
realized by these techniques. 

Becaise hitherto widely-^read analog data is dete- 
riorated in quality whenever storing, ccpying. editing, or 
transmitting it. copyrights produced due to the above 55 
operation has not been a large problem. However, 
because digital data is not deteriorated in quality after 
repeatedly storing, copying, editing, or transmitting it the 



control of copyrights produced due to tiie above opera- 
tion is a large problem. 

Because tiiere is not hitherto any exact metiiod for 
dealing with a copyright for digital data, the copyright is 
handled by the Copyright Act or relaxant contracts. Even 
in the Copyright Act compensation money for a digital- 
type sound- or picture-recorder is only systematized. 

Use of a database includes not only refen'ing to the 
contents of therdatabase but also nomnally effectively 
using the dltabase by storing, copying, or editing 
obtained data. Mc^-eover, it is possit}le to transmit edited 
data to another person via on-line by a communication 
line or a proper recording medium. 

Furthermore, it Is possible to transmit the edit^ data 
to the database to enter it as new data. 

In an existing database system, only character data 
is handled. In a multimedia system, however, audio data 
and picture data which are originally analog data are dig- 
itized and formed into a database in acidition to the data 
such as characters which have been formed into a data- 
base so far. 

under the atxjve srtuation, how to deal with a copy- 
right of data formed into a database is a large problem. 
However, there has not been adequate copyright man- 
agement means for solving the problem so far. particu- 
larly copyright management means (X)nrpleted for 
secondary utilization of thedata sudh as copying, editing, 
or transmitting of tiie data. 

Although data of "Software with advertisement" or 
"^ee software' is, generally, available free of fee. it is cop- 
yrighted and its use may be restricted by the copyright 
d^endlng on the way of use. 

The inventor of the present invention et al. propos&i 
a system for mariaging a copyright by obtaining a penrot 
key from a key contisl center via a public telephone Fine 
tiirough Japanese Patent Laid-Op^ Nla 46419/1994 
and Japanese Patent Laid-Open No. 141004/1994 and 
moreover, proposed an apparatus for managing tiie cop- 
yright through Japanese Patient Lald-Open No. 
132916/1994. 

Furthermore, they proposed a system for managing 
a copyright of digital data through Japanese Patent 
Application No. 64889/1994 and %lapanese Patent AppG- 
cation No. 237673/1994. 

In these systems and apparatus, one who wants to 
view and listen encrypted programs requests to a control 
center for viewing by i^ing communication device via a 
communications line, and tiie control center sends a per- 
mit key to the requester, performs charging and collects 
a fee. 

After receiving tiie permit key, the requester sends 
the permit key to a receiver by using an on-line or off-line 
means, the receiver then decrypts the encrypted pro- 
gran^ i^ing tiie permit key. 

Moreover, the system disclosed in Japanese Patent 
Application No. 64889/1994 uses a program and copy- 
right information for managing the coyright in addition to 
tiie permit tey so that the copyright in display (Including 
process to sound), storage, copying, editing, or transmit- 
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ting of the digital data in a database system including 
real-time transmission of a digital picture can be man- 
aged. The program for managing the copyright watches 
and manages to prevent users from using other than the 
conditions of user's requ^ or permission. 5 

The Japanese Patent Application No. 64889/1994 
further discloses that data is supplied with encrypted 
from a database, decrypted by copyright management 
program when displayed or edited, arKi encrypted again 
when it is stored, copied or transmitted. Also the copy- 10 
right management program Itself being encrypted; 
•decrypted by a permit key; the copyright management 
program thus decrypted performing encyption and 
decryption of copyright data; and when data is utilize- 
dother than storage and displaying, copyright infonrrei- is 
tion including infbnmation of the person who has utilized, 
being stored as history in addition to original copyright 
information, are disclosed. 

Though the present invention is described below, 
general description is made for cryptography at first 20 

The cryptography includes a secret-key cryptosys- 
tem ard a pul3lic-key cryptosystem. 

The secret-key cryptosystem is a cryptosystem 
using the same crypt key for encryption and decryption. 
While this cryptosystem requires only a short time for 25 
encryption or decryption, the secret-key is found, and 
thiB. the cryption may be cryptanalized. 

The public-key cryptosystem is a cryptosystem in 
which a key for encryption is open to the public as a pub- 
lic-key and a key for decryption is ndt open to tine pidDlic. 30 
The key for encryption is refen-ed to as a public-key and 
the key for decryption is referred to as a private-key. To 
use this cryptosystem. it is necessary that a party for 
transmitting information encrypts the information with a 
public-key of a party for receiving the information and the 35 
party for receiving the information decarypts the infonma- 
tion with a private-k^ not open to the public. While this 
cryptosystem requires relatively a long time for encryp- 
tion or decryption, the private-key can hardly be found 
and it is very difficult to cryptanalyze the cryption. 40 

In the cryptography, a case of encrypting a plaintext 
M with a crypt key K to obtain a cryptogram G is 
expressed as 



C o E{iC M) 

and a case of decrypting tiie cryptogram C with the crypt 
key K to obtain the plaintext M is expressed as 

M = D(K. C). 
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The cryptosystem used for the present invention 
uses a secret-key cryptosystem in which tiie same 
secret-key Kb is used for encryption and decryption, and 
a pubiic-k^ cryptosystem in which a public-key Kb is 55 
used for encryption of a plaintext and a private-key Kv is 
used for decryption of a cryptogram. 

Rgure 1 shows a structure of tfie data copyright 
management system disclosed in the prior Japanese 



Patent Application No. 237673/1994 in which the appa- 
ratus for data copyright management system of the 
present invention is used. 

In tills system, encrypted data is two-way supplied 
in accordance witii a request from the primary iser 4. 

This system rises tiie secr^-key cryptosystem and 
tiie public-key cryptosystem as a cryptosystem. 

It is matter of course tiiat tiiis system can be applied 
when using -a satellite broadcast ground wave broad- 
cast CATV broadcast or a recording medium other tten 
a database as data supply means provided witii adver- 
tisement requiring no charge or encryption. 

In this system, reference numeral 1 r^resents a 
database, 4 represents a primary user terminal, 5 repre- 
sents a secondary user terminal, 6 represents a tertiary 
user terminal, and 7 r^resents an n-ofder user terminal. 

And 3 represents a copyright management center, 
8, 9, and 10 represent a secondary copyright data, terti- 
ary copyright data, and n-order cc^right data stored at 
the copyright management center 3, and 2 represents a 
comnruinication network such as a public telephone line 
offered by a communication enterprise or a CATV line 
offered by a cable television enterprise. 

On the above arrangement the database 1 , primary 
user terminal 4. secondary user terminal 5, tertiary user 
terminal 6, n-order user terminal 7, and copyright man- 
agement center 3 are connected to the communication 
network 2 and also tiiey can be connected each other. 

In this figure, a patii shown by a broken line repre- 
sents a path for encryfSed data, a path shown by a soRd 
line represents a patii of requests from each user termi- 
nal, a path shown by a one-dot chain line rq3resents a 
path tiirough which authorization information corre- 
sponding to a utiOzation requ^ in each data and a crypt 
key are transferred, and a path shown by a two-dot chain 
line represents a path through which copyright informa- 
tion is transferred from the database or from the data to 
a next-order data wttiiin copyright managanent center. 

Each user who uses tiiis system is previously 
entered in a datatsase system and in this time, database 
utilization software is provided hinn. The database utOI- 
zation software includes a program for decrypting an 
encrypted cc?pyright management program in addition to 
normal communication software such as data communi- 
cating protocol. 

To use the database 1 , a primary user prepares pri- 
mary-user autiientication clata Au1, a first public-key 
Kb1. a first private-key Kv1 con-e^xjnding to the first 
public-key Kb1, a second public-key Kb2, and a second 
private-key Kv2 corresponding to the second public-key 
Kb2. and accesses tiie database 1 from the primary user 
terminal 4 via tiie communication network 2. 

The database 1 receiving the primary-user autiien- 
tication data Aul . first public-key Kb1 and second public- 
key Kb2 from the primary user conf inns tiie prinrary-user 
authentication data Aul and transfers the confimied pri- 
mary-user autiientication data Au1 to the secondary 
copyright management center 3 as tiie primary user 
infomiation lul. 
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. The database 1 prepares two secret-keys, that is. 
first secret-key Ks1 and second secret-key Ks2. 

In the pr^red first secret-key Ksl and second 
secret-key Ks2, the second secret-key Ks2 is also previ- 
ously transferred to the copyright management center 3. s 

As the result of the above transfer, a permit key cor- 
responding to primary utilization, the primary user infor- 
mation Iu1, original copyright infonTration IcO and the 
second secret-key Ks2 are stored in the copyright man- 
agement center 3. In this case, the original copyright io 
tnfomr^on IcO is used for copyright royalties distribution. 

When a prin^ry user who desires data utilization 
accesses the database 1 from the primary user terminal 
4, a data menu is transfen-ed to him. In this case, infor- 
mation for charges may be displayed together with the is 
data menu. 

When the data menu is transferred, the primary user 
retrieves in the data menu to select the data M. In this 
case, the original copyright information IcO of the 
selected data M is transmitted to the copyright manage- so 
ment center 3. The primary i^er selects permit key Kjdl 
con^e^onding to the required form of the usage such as 
viewing, storing, copying, editing and transmitting of 
data. Permit key Kp1 is also transmitted to the copyright 
nr^agement center 3. 25 

Because viewing and storing of data are the mini- 
mum required forms of use for the primary t^er, these 
terns of use may be excluded from the choices as the 
minimum usage, arKi offering only copying, editing and 
transmitting as the choices. so 

The original data MO is read out of the database 1 
in accordance with a request of the primary user. The 
read original data MO is encrypted by the first seaet-key 
Ks1: 

35 

CmOksl bE(Ks1,M0). 

The encrypts data CmOksi is provided with the 
uncrypted original copyright infonration IcO. 

Thefirstsecret-keyKsl is encrypted t>y the first pub- 4o 
lie-key Kb1 and the second secret-key Ks2 is encrypted 
by the secorxl pubfic-key kb2: 

Ckslkbl = E(Kb1. 1^1) 

45 

Ck&2kb2 » E{Kb2. Ks2). 

While the copyrigfrt management program P is also 
encrypted by the second secret-key K62 

so 

CpKs2 = E(Ks2, P), 

the copyright management program P must not always 
be encrypts by the second secret-key Ks2 but it may be 
encrypted by any other proper crypt key. ss 

The encrypted original data CmOksl. encrypted 
copyright management program Cpks2, and two 
encrypted secret-keys Cks1 kb1 andi Cks2kb2 are trans- 



fen-ed to the primary riser termiral 4 via the communica- 
tion network 2, and charged, if necessary. 

It is pc^ible to store the encrypted copyright man- 
agement program Cpks2 such as in a ROM in the user 
terminal 4 instead of being supplied from the database 1 . 

The primary user receiving the encrw>ted original 
data CmOksl, two aicrypted secret-keys Ckslkbl and 
Cks2kb2. and encrypted copyright management pro- 
gram Cpks2 ^om the database 1 deo^pts the encrypted 
first secret-key Ckslkbl by the database utilization soft- 
ware using the first private-key Kv1 con^e^nding to the 
first public-l«y Kbi: 

1^1 =D(Kv1, Ckslkbl). 

and decrypts the encrypted second secret-key Cks2kb2 
using the second private-key Kv2 corresponding to the 
second putdic-key Kb2: 

Ks2 - D(Kv2, Ck82kb2). 

And the primary user decrypts the encrypted copy- 
right management program Cpks2 using the decrypted 
second secret-key Ks2: 

P « D(Ks2. Cpks2). 

Rnally. the primary user decrypts the encrypted data 
CfnOtel by the decrypted copyright management pro- 
gram P using the deoypted first secret-key Ksl: 

MO «D(»4l, CmOksl) 

and uses the decrypted original data W directly or data 
M1 as edited. 

PiB descn'bed atx)ve, the first private-key Kv1 and 
second private-key Kv2 are crypt pr^^ared by the 
primary user but not opened to others. Therefore, even 
if a third party ot?tainstire data M, it Is impossible to use 
the encrypted data M by d^rypting it 

Thereafter, to store, copy, or transmit the data M as 
the original data MO or the edited data Ml , It Is encrypted 
and decrypted t>y the second secret-key HsZ: 

Cmks2 o E(Ks2, 

M o D(Ks2, Cniks2). 

The d^rypted second secret-key KsS is thereafter 
used as a crypt key for encrypting/decrypting data when 
storing, copying, or transmitting the data. 

The first private-key Kv1 and second private-key 
Kv2, the first secret-key Ksl and second secret-key 1^. 
the data M. the copyright management program P, the 
original copyright information Ic. and also the original 
copyright information IcO and also copyright information 
Id for information of the primary user and edited date 
arK) time when edited the data the primary user are 
stored in the primary user terminal 4. 
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Moreover, it is further protected by attaching the cop- 
yright information Id to the data as copyright infbnmatlon 
label, and adding the digital signature. 

The enaypted data Cmk52 is encrypted to be dis- 
tributed. Since the copyright information label provides 
a clue to obtain the second secret-key Ks2 which is the 
key ioT decryption, the second secret key Ks2 cannot be 
obtained in the case where the copyright infonmation 
label is removed from the encrypted data Cmk52. 

When the encrypted data Cmks2 is stored in the pri- 
niary user terminal 4. the second secret-key Ks2 is 
stored in the terminal 4. However, when the encrypted 
data Cmks2 is not stored In the primary user terminal 4 
but Is copied to the recording medium 1 1 or transmitted 
to the secondary user tenminal 5 via the communication 
network 2, the second secret-key Ks2 is disused in order 
to disable subsequent utilization of the data in the pri- 
mary user terminal 4. 

In this case, it is possible to set a limKation for rep- 
etitions of copying or transmitting of the data so that the 
second secret-key K62 is not disused within linrnted repe- 
tions of copying and transmitting of the data. 

The primary user who is going to copy the data M to 
the external recording medium 11 or transmit the data M 
via the communication network 2 must pr^are the sec- 
ond secret-key Ks2 to encrypt the data M by this second 
secret-key Ks2 before copying or transmitting the data: 

Cmks2 » E(Ks2. M). 

The uncrypted original copyright information IcO and 
primary-user copyright information Id are add&i to the 
encrypted data Cmks2. 

Before using a database, a secondary user, similar 
to the primary user, prepares authentication data Au2 for 
authenticating the secondary user, a third public-key Kb3 
and a third private-key Kv3 conrespondlng to tiie third 
public-key Kb3, a fourth public-key Kb4. and a Iburth pri- 
vate-key Kv4 corresponding to the fourth public-l^y Kb4. 

The secondary user who desires secondary utiliza- 
tion of the copied or trarrsmltted encrypted data Cmk82 
must designate original data name or number to the cop- 
yright management center 3 to request for secondary uti- 
lization to the center 3 from the secondary user terminal 
5 via the communication network 2. In this time, the sec- 
ondary user also transfers the third public-key Kb3 and 
the fourth public-key Kb4 as well as the secondary user 
authentication data Au2. original copyright infbmnation 
IcO and primary user copyright information Id . 

The copyright management center 3 receiving the 
secondary utilization request from the secondary user 
confirnrts the secondary-user authentication data Au2. 
and transfers cortfirmed secondary-user authentication 
data Au2 to the tertiary copyright data 9 as secondary 
user information. 

When tiie secondary copyright information Id of the 
primary user is transferred, the secondary copyright 
information Id is inquired to the secondary copyright 
data 8, and then, it recognizes the secondary copyright 



infonnation Id to be transferred to tiie tertiary copyright 
data 9. 

The secondary user selects permit key Kp2 corre- 
sponding to the form of data usage such as viewing, stor- 

5 ing. copying, editing and transmitting of data. Permit key 
Kp2 corresponding to the selected usage is sent to tiie 
tertiary copyright data 9. 

Because viewing and storing of data are the mini- 
mum required forms of use for the secondary user, these 

10 forms of use nay be excluded from the choices as the 
minimum usage, offering only copying, editing and trans- 
mitting as the choices. 

The secondary copyright data 8 prepares a third 
secret-key Ks3. 

IS The prepared third secret-key Ks3 is transferred to 
and stored in the tertiary copyright data 9. 

As the result of the above transfer, the permit key 
Kp2, primary user copyright information Id. primary 
user information Iu1. original copyright information IcO. 

20 secondary user information Iu2. and third secret-k^ Ks3 
are stored in the tertiary copyright data 9. The permit key 
Kp2, primary user copyright information Id , and prinnary 
user information tul are used for copyright royalti^ dis- 
trit>ution. 

25 Hereafter similarly, permit l<ey Kpn corresponding to 
n-onder usage, copyright information for secondary 
exploitation right lcn-1 of (n-1}-order user, primary user 
information Iu1. original copyright information IcO. n- 
. order user information lun. and n-th secret-key f^n are 
30 Stored in n-order copyright data 1 0. 

The permit key primary user information Iu1, 
original copyright information IcO arrd second secret-key 
Ks2 are read out of tiie secondary copyright data 8. The 
original copyright information IcO is used for copyright 
35 royalties distribution. 

The read second seo'et-key Ks2 arKi third secret- 
key Ks3 are encrypted by the third pul:^ic-key Kb3 and 
fourth public-key Kb4 of tiie secondary user respectively: 

40 Cks2kb3 » E(Kb3, hCs2) 

Cks3kb4 » E(Kb4. Ks3). 

The copyright management program P is encrypted 
4S l3y the third secret-key Ks3: 

Cpks3 o E{Ks3, P). 

The encrypted copyright management program 
so Cpks3. encrypted second secret-key Cks2kb3. and 
encrypted third seaet-key Cks3kb4 are transferred to 
the secondary user terminal 5 via the communication 
network 2. In this case, charging is performed, if neces- 
sary 

55 The secondary user receiving two encrypted secret- 
keys Cks2kb3 and Cks3kb4 and the encrypted copyright 
management program Cpks3 from tiie secondary copy- 
right data 8 d^rypts the encrypted second secret-key 
Cks2kb3 by the tiiird private-key Kv3. and decrypts the 
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encrypted third secret-key Cks3kb4 by the fourth private- 
key Kv4 corresponding to the fourth public-key Kb4, 
using the database utilization software: 

Ks2 » D(Kv3. Cks2kb3) 

KsS « D(Kv4. Cks3kb4). 

The encrypted copyright ntanagement program 
Cpks3 is decrypted by the decrypted third secret-key 

Ks3j. 

P « D(Ks3, Cpk&3). 

Then, the encrypted data Cmks2 is deaypt«j to use 
it by the decrypted second secret-key )^ i^ing 
decrypted copyright memagement program P; 

Ms D(Ks2, Cmks2). 

As described above, the thiid private-key Kv3 and 
the fourth private-key Kv4 are prepared by the secorKlary 
user but not opened to others. Therefore, even rf a third 
party obtains the encrypted data Cmks2. it is impossible 
to use the data by decrypting it 

Each user who uses above-mentioned system must 
previously be entered In a database system, and when 
entered in the system, software for database is suppll^ 
to the user. 

Because the software includes not only normal com- 
munication software such as a data communication pro- 
tocol but also a program for decrypting a copyright 
rmnagement program by a first crypt-toy, it is nece^ary 
to be protected. 

A first crypt-key K1, a second crypt-key K2, and a 
copyright management program P are trar^rred to 
each i^er in order to use data M, and each user toeps 
these keys and the program. 

Further, the copyright information label, user infor- 
mation, the public-k^ and private-key in the public-toy 
cryptosystem and the program containing algorithrri for 
generating the secret-toy are kept when needed. 

f=br toeping them, it is the simplest means to use a 
flexible disk. Howeva*, the flexible disk is easy in disap- 
pearance or alteration of data. 

Moreover, a hard disk drive is also unstable for dis- 
appearance or alteration of data though it is rmre stable 
than the flexible disk. 

Recently, an IC card is spread in which an IC ele- 
ment is sealed in a card-lito pactoge. Particularly, stand- 
ardization of a PC card with a microprocessor sealed in 
it is progressed as a PCMCIA card or JEIDA card. 

The data copyright management apparatus pro- 
posed by the inventor of the present invention et al. in 
the prior Japanese Patent application No. 237673/1994 
is described in Figure 2. 

The data copyright management unit 15 is config- 
ured as a computer system, comprising a microproces- 
sor (CPU) 16, a local bus 17 of CPU 16, read only 



memory (ROM) 18 connected to local bus 17, and 
write/read memory (RAM) 19, wherein the local bus 17 
being connected to syst&n bus 22 of the microprocessor 
21 of the user terminal 20. 
s Moreover, a communication unit (COMM) 23 which 
receives data from an external database and transfer 
data to the external database, a CD-ROM drive (CDRD) 
24 which reads data provided by CD-ROM. aflexibledisk 
drive (FDD) 25nvhlch copies received or edited data to 
10 a flexible disk drive to provide outside with such data, 
and a hard disc drive (HDD) 26 which stores cteta are 
connected to the system bus 22 in the user terminal 20. 

As a matter of course. ROM and RAM or the lito are 
connected to the system bus 22 of the user terminal, 
15 however, it is not shown in the figure. 

Fixed information, such as software and user data, 
for utilizing the database is stored in ROM 1 8 of the data 
copyright management unit 15. 

A crypt-key and the copyright management program 
so provided from the key control center or copyright man- 
agement center are stored in RAM 1 9. 

The process of decryption and re-encryption are 
p&lbnmed by the data copyright nnanagement unit 15, 
only of which results are transferred to the user terminal 
25 20viathelocalbus17ardthesy8tembus21 oftheuser 
terminal. 

The data copyright management unit 15 is imple- 
mented as rroiolitiiic IC, hybrid IC. an expansion board, 
an IC card, or a PC card. 

so 

Summary of the Inventiori 

In the present application, apparatus for data copy- 
right management system, results from further imple- 

35 mentation of the apparatus us^ in the useir terminal 
proposed in the prior Japanese patent application No. 
237673/1 994, is proposed. 

The apparatus for data copyright management in the 
present tnventioii is attached to the user t^minal. which 

40 comprises central processing unit, central processing 
unit bus, read only semiconductor memory, electrically 
erasable programmable memory, and readAArrlte mem- 
ory. 

Central processing unit read only serrvconductor 
46 memory, electrically erasable programmable memory, 
arKf readAnnite memory are connected to the central 
proc^sing unit bus. and also system bus of a unit which 
utilizes the data can be connected to it Data copyright 
management system program, a crypt algorithm, and 
so user information are stored in the read only semiconduc- 
tor memory, and a second private-toy. permit toy. sec- 
ond secret-key, and copyright information are stored in 
the electrically erasalsie programmable memory, 
wherein first public-key, first private-key, second public- 
55 toy. and first secret-toy being transferr^ to the 
read^tmte memory at the operation of the unit. If tiie cop- 
yright management program is provided from tiie out- 
side, it is stored in tiie EEPROM. Otiierwise, it is stored 
in ROM. 
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As a form of the data copyright management appa- 
ratus, monolithic IC» hybrid IC. a thin IC card with special 
terminal, a PC card, and a board for insertion can be 
available. 

In the data copyright management system 
described above as prior invention, while the obtained 
encrypted data is decrypted for utilization of display- 
ing/^ting, the obtained or edited data is re-encrypted 
to store/copy/transfer so that no unauthorized use of the 
data can be available. 

Accordingly, in the apparatus used in the data cop- 
yright managanent system of the present invention, re- 
encryptton of data, as well as decryption of data should 
be performed concunently. however, those data copy- 
right management apparatus described in the prior appli- 
cations can perform only one process of either data 
decryption or data re-encryption. 

Thus, In the present application, a data copyright 
management apparatus which, at the same time, can 
decrypt arKl re-encrypt data encrypted and supplied in 
order to manage copyright is proposed. 

For the purpose of that, data which was encrypted 
and provided is decrypts and re-encrypted by adding 
at least one microprocessor, preferably 2 microproces- 
sors, in addition to the microprocessor that controls the 
entire user terminal therein. When one mk:roprocessor 
is added, one of the 2 mio-oprocessors, one included in 
the user terminal or one added, will decrypt data and the 
other will re-encrypt data. 

When 2 microprocessors are added, one of the 
add^ microprocessors will decrypt data, the other 
microprocessor will re-encrypt data, and the microproc- 
essor of the user terminal will control the entire opera- 
tion. 

Although the added microprocessors may be con- 
nected to system bus of the microprocessor in the user 
terminal, this configuration may not allow a multiproces- 
sor configuration to qserate plural microprocessors con- 
currently. 

Therefore, in the present application, a data copy- 
right nwagement apparatus as a multiprocessor con- 
figuration utilizing SCSI bis or PCI bus is proposed; 

Other than character data, digital data includes 
graphic data, computer program, digital audio data, still 
picture data of JPEG standard, and motion-picture data 
of MPEG standard. 

WNle the data works comprising these data are uti- 
lized by using various apparatus, it is necessary that 
these apparatus should also include the data copyright 
management function. 

Thus, in the present application, it is proposed that, 
as a form of use, these data copyright management 
apparatus and the data copyright management appara- 
tus described in the prior application are incorporated in 
various systems. 



Brief Description of the Drawings 

Figure 1 is a block diagram of the data copyright 
management system of the prior invention. 
5 Rgure 2 is a block diagram of the data copyright 
management apparatus of the prior invention. 

Rgure 3 is a block diagram of the data copyright 
management apparatus of embodiment 1 of the present 
invention. - 

10 Rgure 4 is a specific block diagram of the data cop- 
yright management apparatus of the embodiment 1 of 
the present invention. 

Rgure 5 is a process flow chart of data copyright 
management system related to the present invention. 
IS Rgure 6 is a block diagram of the data copyright 
management system of the prior inverrtton. 

Rgure 7 is a flow chart of a general edit process of 
digital data. 

Rgure 8 is a flow chart of encrypted data edit proc- 
20 ess of the present invention. 

Rgure 9 is a block diagram of the data copyright 
management apparatus of embodiment 2 of the present 
invention. 

Rgure 10 is a block diagram of the data copyright 
25 management apparatus of embodiment 3 of the present 
invention. 

Rgure 1 1 is a block diagram of tiie data copyright 
management apparatus of embodiment 4 of the present 
, invention. 

30 Rgure 12 is a block diagram of the data copyright 
management ^aparatus of ent^odiment 5 of the present 
invention. 

Rgure 13 is a block diagram of the data copyright 
management apparatus of embodiment 6 of the present 
35 invention. 

Rgure 1 4 is a block diagram of the digital cash sys- 
tem as one example of use of the present invention. 

Rgfure 1 5 is a block diagram of the video conference 
system as one example of use of the present invention. 

40 

Detailed Description of the Prefenred Embodiments 

The detailed embodiments of ^e present invention 
are described below with reference to the drawings. 

45 The embodiment 1 of the data copyright manage- 
ment apparatus related to the present invention is shown 
in a block diagram of Figure 3. 

The data copyright management unit 30 includes 
electrically erasable programmable memory (EEPROM) 

so 31 in addition to the components of the data copyright 
management unit 15 described in ttie prior application 
Na 237673/1994. 

The data cop/right management unit 30 is a com- 
puter system having CPU 16, local bus 17 of CPU 16. 

BS ROM 18 connected to local bus 17. RAM 19. and EEP- 
ROM 31, wherein local bus 17 being connected to the 
system bus 22 of the microprocessor 21 in the user ter- 
minal 20. 
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Moreover, communication unit (COIVIM) 23 whicli 
receives data from extemal database and transfers data 
outside. CD-ROM drive (CDRD) 24 which read data pro- 
vided by CD-ROM, a flexible disc drive (FDD) 25 whicli 
copies data received or edited in order to supply to the s 
outside, and hard disk drive (HDD) 26 which stores data 
are connected to the system bus 22 of the user termina! 
20. 

Further, ROM and RAM are connected to the system 
bus 22 of the user tenninal. however, it is not shown in 
the figure. 

Fixed Information such as a data copyright manage- 
ment program, a cryptography program bas^ on crypt 
algorlttim. and user data are stored in ROM 18. 

A crypt-key and copyright information are stored in 
EEPROM 31. Further, when data copyright manage- 
ment program and cryptography program are supplied 
from outside such as from database, they are stored in 
EEPROM 31, rather than in ROM 18. 

The data copyright management unit 30 performs 
the process of decryption or re-encryption, only the result 
of which are transferred to the user terrrunal 20 via local 
bus 1 7 and system bus 22. 

The data copyright management unit 30 is imple- 
mented as a monolithic IC, a hybrid 10, an e3q3an&ion 
k>oard, an IC card, or a PC card. 

Fixed data such as a data copyright management 
progranr. a cryptography program based on crypt algo- 
rithm, and user data are stored in ROM 18 of the data 
copyright management unit 30 in the embodiment 1 . 

Further, a program for generating secret-keys based 
on secret-key algorithm of not secret, a decryption pro- 
gram, and a re-encryption program nrBy be stored in 
ROM 18. 

A crypt-key and copyright information are stored in 
EEPROM 31. Moreover, when the copyright manage- 
ment program and the encryption program are suppli^ 
from the outside such as database, they are stored in 
EEPROM 31. rather than ROM 18. Still more, the EEP- 
ROM is not necessarily r«::|uired and may be omrtted. 4o 

Either one of the first crypt-key or the second crypt- 
key supplied from the key control cerrter or copyright 
management center, and data copyright management 
system program are stored in RAM 19. 

On the other hand, information such as software and 45 
the user data required by MPU 46 in the user terrrenal 
20 are supplied to the user termir^l 20 by the software, 
and stored in RAM of the user tenminai 20. 

Besides, either one of the first crypt-key or the sec- 
ond crypt-key supplied from the key control center or the so 
copyright management center, and the data copyright 
management system program are stored In RAM of the 
user terminal unit 20. 

The process of decryption and re-encryption are 
shared by MPU 46 of the main body of the user terrrtnal ss 
20 and GPU 16 of the data copyright management unit 
30; one encrypts data and the other decrypts data, and 
only the processed results of the data copyright manage- 
ment unit 30 are transferred to the user terminal. 



The specific internal structure of the data copyright 
management unit 30 in Rgure 3 is shown in Figure 4, 

A microconputer (CPU) 16, read only semiconduc- 
tor memory (ROM) 18, write/read memory (RAM) 19, 
and electrically erasable programmable memory (EEP- 
ROM) 31 are enclosed in the data copyright manage- 
ment unit 30, and are connected to microcomputer bus 
17 of the microcomputer 16, the microcomputer bus 17 
being further^connected to system bus 22 of the user ter- 
minal 20 main body. 

The data copyright nnanagement system program, 
crypt algorithm, and the user information are stored in 
the read only semiconductor memory 18. 

Inside of the electrically erasable programmable 
memory 31 is divided into three areas. 

In the first area 35, the first public-key Kbi , the first 
private-key Kvl , the second public-key Kb2, and the sec- 
ond private-key Kv2 are stored. 

In the second area 36. the copyright management 
program P. the first secret-key Ksl as a permit key in tiie 
primary use such as view permit^store pemnit/copy per- 
mit/edit permit^nsfer permit and the second secret 
key Ks2 as a permit key in the secondary use such as 
view permit^tore permit/copy permit/edit pemnit/lransf er 
permit are stored. 

Further, in some case where the copyright manage- 
ment program is not supplied form the outside, but preset 
in the user side, the copyright management program is 
stored in the read only memory 18. rather than in the 
second area 36 of the electrically erasatsie programma- 
ble memory 31. 

In the third area 37. copyright information such as 
the original copyright information and the secondary 
copyright information, and air access control key are 
stored. 

As in the case of the electrically erasable program- 
mable memory 31, inside of the write/read memory 19 
is divided into three areas. 

In the first area 32, tiie first public-key Kb1 . tiie first 
private-key Kvl, and the second public-key Kb2 are 
stored during operation. 

In the second area 33, the first secret-key 1^1 as a 
permit key In the primary utilization such as view per- 
mit^tore permit/copy permit/edit permit/transfer permit 
is stored during operation. 

In the third area 34, an access control key is stored 
during operation. 

The user terminal attached with the data copyright 
management apparatus is reliable since it performs all 
the process for utilizing data within the data copyright 
management unit related to tiie present invention, so that 
only the results are transferred to the user terminal for 
various utilization. 

When picture data containing large amount of infor- 
mation is transmitted/received, original data is transmit- 
ted after being compressed in order to reduce the 
amount of data and the compressed data is expanded 
after reception to utilize it. In this case, data copyright 
may be managed by encryption. 
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in Rgure 5, an example of data copyright nianage- 
ment flow when encrypted data is digital picture com- 
pressed in JPEG standard or MPEG standard. The flow 
is divided into transmitting side flow and receiving side 
flow with a transmit line in between, and the receiving 5 
side flow is further divided into deplay flow and storage 
flow. 

The signal process in the transmitting side consists 
of process preparing digital picture and process process- 
ing the digital picture prepared. In this process, if an orig- 10 
jnal picture is the digital picture 41, It proceeds to next 
process. If an original image is an analog picture 40, dig- 
itizing process 42 is performed. 

The digital picture Is corrpressed 43 first by given 
standard such as JPEG standatd, or MPEQ standard, is 
then the compressed digital data is encrypted 44 using 
the first secret-key. 

The picture data signal processed in transmitting 
side is transmitted through transmission line 45 sudi as 
satellite broadcasting wave, ten-estrial broadcasting 20 
wave, CATV wave, or public telephone line/ISDN lina 

Further, recording media su^ as a digital video 
tape, a digital video disk, or CD-ROM m^ be used as 
the transmission lina 

Thus the picture data transmitted to the receiving 25 
side is decrypted 46 first using the first secret key, then 
the compressed picture data is expanded 47 to be dis- 
played 49. When the displ^ Is a digital data display unit 
it is directly displayed, however, when it is an ar^log data 
display unit, it is converted to analog data AS. 30 

When data is stored in hard disK flexible disK opticaJ 
magnetic dIsK writable video disk or the tike, it is stored 
after being re-encrypted 50 using the second secret key. 

In displaying again the picture data re-encrypted and 
stored, it is re-decrypted 52 using the second secret key 35 
and displayed 49. If the display unit is a digital data dis- 
play unit, it is directly di^tayed. however, if it is an analog 
data di^lay unit it is converted to analog data 48. 

Moreover, for data compression/expansion means 
and transmission path, appropriate ones conpatible with 4o 
the data are used. 

Figure 6 shows an exanpte of the data copyright 
management system disclosed in the prior Japanese 
Patent Application Na 237673/1994. This system uses 
the secret-key system as a cryptosystem, 4S 

In the case of this s^em. reference numeral 1 rep- 
resents a database in vt^ich text data, binary data serv- 
ing as a computer graphic display or a computer 
program, digital audio data, and digital picture data are 
stored by being encrypted, 1 4 represents a space satel- so 
lite such as a communicatiorts satellite or a broadcasting 
satellite, 15 represents a data recorder such as a CD- 
ROM or a flexitsle disk, 2 r^resents a communication 
networksuch asa public telephone line offered byacom- 
munication enterprise or a CATV line offered by a cable ss 
televi^on enterprise, 4 represents a primary user termi- 
nal, arKi 1 6 represents a key control center for managing 
a secret-key, and 17 represents a copyright manage- 
ment center for managing a data copyright 



Reference numerals 5, 6, and 7 represent a second- 
ary user terminal, a tertiary user terminal, and n-order 
user terminal respectively, and 11.12, and 13 represent 
a secondary disk, tertiary disk, and n-order disk serving 
as a recording medium such as a flexible disk or CD- 
ROM respectively. The symbol "n" represents an optional 
integer. When "n" is larger than 4, a corresponding user 
temninal and a corresponding di^ are arranged between 
the tertiary user terminal 6 and the n-order user terminal 
7 and b^een the tertiary disk 12 and the n-order disk 
13 respectively. 

OntheaboveanBngementthedatak>ase 1, keycon- 
trol center 1 6, copyright management center 1 7, primary 
user terminal 4, secondary user temriinal 5, tertiary user 
terminal 6, and n-order user terminal 7 are connected to 
the conrvnunication network 2. 

tn this figure, the path shown by a broken line is a 
path of encrypted data, a path shown by a solid line is a 
path of requests from each user temnnal, and a path 
shown by a one-dot chain line is a path through whidi 
authorization information corresporKiIng to a utilization 
request and a secret-key are transfen^ed. 

Moreover, each user who uses tills system is previ- 
ously entered in tiie database system. When the i^r is 
entered in the system, a database utilization software is 
given to the user. The database utilization software 
includes not only normal communication software such 
as a data comnrunication protocol but also a program for 
, running a copyright management program. 

Original data MO of text data, binary data as a com- 
puter graphic display or conputer program, digital audio 
data, or digital picture data stored in the database 1 or 
data recording medium 1 5 is one-way suppli^ to tiie pri- 
mary user terminal 4 via tiie conrvnunication network 2, 
satellite 1 4 or recording medium 1 5. 

In tills case, the data is encrypted with a first secret- 
k^Ksl: 

CmOksl bEO^I.MO). 

Even if data provided wrtti advertisement to be 
offered free of charge, It is necessary to be encrypted In 
order to protect ttie copyright 

It is disclosed in tiie Japanese Patent Application 
Na 64889/1994 which is tiie prior application that the 
data utilization Indudes not only displaying of data whidi 
is the most basic usage but also storing, editing, copying, 
and transmitting of the data, a use permit key is pr^ared 
which corresponds to one or sevemi forms of usage, and 
its management is executed by the copyright manage- 
ment program. 

Moreover, it Is described there that data is encrypted 
again by the copyright management program for use 
such as storing, opying, editing and transmitting of the 
data other than displaying of ttie data and displaying for 
editing ttie data 

In other words, ttie data whose copyright is claimed 
is encrypts to be distributed, and only when the data is 
displayed or displayed for editing tiie data in a user ter- 
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minal having a copyright treatment function, the data is 
decrypted to a plaintext 

This system disclosed in Japanese Patent Applica- 
tion No. 237673/1994 uses the method described in the 
prior application No. 64889/1 994. s 

A primary user who desires primary utDization of the 
supplied enoypted data CniOksl requests for primary 
utilization of the encrypted original data CmOi^l by des- 
ignating the original data name or the original data 
nurhber to the icey control center 1 6 via the communica- to 
tion networlc 2 from the primary user terminal 4. In this 
case, the primary user must present information lul for 
primary user to the key control center 16. 

The key control center 16 receiving the primary uti- 
lization request from the primary user terminal 4 trans- is 
fers first secret-key Ks1 for decrypting the encrypted 
original data CmOksl obtained from the database 1 by 
the primary user and second secret-key Ks2 for re- 
encrypting the decrypted original data MO or edited data 
Ml from the origir^ data, together with a copyright man- 2o 
agement program P via the communication network 2 to 
the primary user terminal 4. 

In the primary user terminal 4 receiving the first 
secret-key Ksl as a deayption key and the second 
secret-key Ks2 as an encryption/decryption key, the 2S 
encrypted original data CmOksl is deaypted by the first 
secret-key Ksl using the copyright management pro- 
gram P 

MO bD(Ks1, CmOksl) so 

to use the decrypted original data MO directly or data Ml 
as edited. 

When the data M which is the original data MO or 
edited data Ml is stored in a memory or a built-in hard as 
disk drive of the primary user terminal 4. orty the primary 
user can use the data. However, when the data M is cop- 
ied to the eicternal recording medium 1 1 such as aflexible 
disk or transmitted to the secondary user terntinal 5 via 
the communication network 2, a prbblem off a copyright 40 
due to secondary utilization occurs. 

When the original data MO obtained by the primary 
user is directly copied and supplied to a secondary user, 
the copyright of the primary user is not effected on the 
data MO because the original data MO is not modified at 4s 
all. However, when the primary user produces new data 
Ml by editing the obtained data MO or by using means 
such as combination with other data, the copyright of the 
primary user, i. e., secondary exploitation right occurred 
from secondarily utilizing original data, is effected on the so 
data Ml. 

Similariy, when a secondary user produces new 
data M2 by Siting the original data MO or edited data 
Ml obtain&l from the primary user or by means such as 
combination of other data, the copyright of the secondary ss 
user; t. e.. secondary exploitation right on the secondary 
user is also effected. 

In this system, to correspond to the problem of the 
copyright, the data M is encrypted by the second secret- 



key Ks2 using the copyright management program P 
when the data M is stored, copied, or transmitted. There- 
after, in the primary user terminal 4, the data M is 
decrypted and encrypted by the second secret-key K82: 

Cmls2 = E(Ks2. M) 
M » D(Ks2, Cmks2). 

H is free in principle that the primary user displays 
and edits data to obtain edited data. In this case, how- 
ever, it is possible to limit the repetitions of the operation 
by the copyright management program. 

When the data M Is copied to the external recording 
medium 11 or transmitted via the communication net- 
woric 2, the first secret-key Ksl and the second secret- 
key K&2 in the primary user temninal 4 are disused by the 
copyright management program P. Therefore, when 
reusirtg the data M the primary user requests for utiliza- 
tion of the data M to the key control center 16 to again 
obtain the second seaet-key Ks2. 

The feet that the user receives the regrant of the sec- 
ond secret-key Ks2 represents secorxJary utilization of 
data in which the data M has been copied to the extemal 
recording medium 1 1 or transmitted to the secondary 
user terminal S via the communfeation netwwjrk 2. There- 
fore, the fad is entered in the copyright management 
center 1 7 from the key control center 1 6 and subsequent 
secondary utilization comes possible. 

The data M is moved from the primary user terminal 
4 to the secondary user temvnal 5 t>y the extemal record- 
ing medium 1 1 or the communication network 2. When 
the data M is copied to the external recording medium 
1 1 or transmitted via the communication network 2, ft is 
encrypted by the second secret-key Ks2. 

When the data M is copied to the external recording 
medium 11 or trar^mrtted via the communication net- 
work 2, the first secret-key Ksl and the second secret- 
key 1^ in the primary user terminal 4 are disused. In 
this time, uncrypted primary user information lul is 
added to the encrypted data Cmks2 stored in the primary 
user terminal 4 and when the encrypted data Cmks2 is 
transmitted to the secondary user, the primary user infor- 
mation lul is also transfenred. 

A secorKfary user who desires secondary utilization 
of the encrypted data Cmks2 copied or transmitted from 
the primary user mi^ designate original data name or 
data number to the copyright management center 1 7 via 
the communication network 2 by the secondary user ter- 
minal 5 and also present the secondary user information 
lu2 to request for secondary utilization of the data Cmks2 
to the center 17. In this time, the secondary i«er further 
presents the uncrypted primary user information lul 
added to the encrypted data Cmks2 in order to clarify tiie 
relationship with the primary user. 

The copyright management center 17 confirms that 
the primary user has receive a regrant of tiie second 
secret-key Ks2 for secondary-utilizing the data, in 
accordance with the presented primary user information 
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lul and then, transfers the second secret-key Ks2 serv- 
ing as a decryption key and the third secret-key K&3 serv- 
ing as an encryption/decryption key to the secondary 
user terminal 5 via the comniunication network 2. 

In the secondary user terminal 5 receiving the sec- 
ond seaet-key Ks2 and the third secret-key Ks3. the 
encrypted data Cmk52 is decrypted using the second 
secret-key Ks2 by the copyright management program P 

M ^ D(Ks2. Cmk52) 

and is secondarily utilized such as being displayed or 
edited. 

In this system, the key control center 16 processes 
a primary utilization requests and the copyright manage- 
ment center 17 processes a secondary utilization 
requests. While the data M supplied to a primary user is 
encrypted by the first secret-key Ksl. the data M sup- 
plied to a secondary user is encrypted by the second 
secret-key Ks2. Moreover, the first secret-key Ksl and 
the second secret-key Ks2 are transferred to the primary 
user as crypt keys from the key control center 16. 

Therefore, if the secondary user, instead of the pri- 
mary user, falsely requests for primary utilization to the 
key corrtrol centa* 1 6, the first secret-key Ksl for decryp- 
tion and the second secret-key \<s2 for encryp- 
tion/decryption are transferred to the secondary user. 
However, the secondary user cannot decrypt the 
encrypted data Cmte2 by using the first secret-key Ksl 
transferred as a decryption tey. 

Therefore, tt is imposstole to falsely request tor data 
utilization and resultingly, not only the original copyright 
of data but also the copyright of the primary user on the 
data are protected. 

When storing, copying, or transmitting of the data M 
other than displaying and displaying tor editing is per- 
formed in the secondary i^er terminal 5. the data M is 
encrypted using the third seaet-key Ks3 by the copyright 
management program P and thereafter, the data is 
decrypts and encrypted by the third secret-key Ks3: 

CnnksS » E(Ks3. ^A) 

M ^ D(K63. Cmks3). 

Moreover, tt ts free in principle that the secondary 
user displays and edits data to obtain the edited data M2. 
In this case, it is possible to Gmit the repetitions of the 
operation l3y the copyright management program P. 

When the data M is copied to the external recording 
medium 12 or transmitted via the communication net- 
work 2. the second secret-key Ks2 and the third seo-et- 
key Ks3 in the secondary user terminal 5 are disused by 
the copyright management program P. Therefore, when 
reusing the data M, the secondary user requests tor the 
utilization of the data to the copyright nnanagement 
center 17 to again obtain the third secret-key Ks3. 

The fact that the secondary user receives a regrant 
of the third secr^-key Ks3 represents secondary utiliza- 



tion of data in which the data M has been copied to the 
e}cternal recording medium 12 or transmitted to the ter- 
tiary user terminal 6 via the communication network 2. 
Therefore, the fact is entered in the copyright manage- 

5 ment center 1 7 and allov^ subsequent data use. 

The data M is moved from the secondary user ter- 
minal 5 to the tertiary user terminal 6 by the external 
recording medium 12 or Isy the communication network 
2. When the data M is copied to the external recording 

10 medium te or transmitted via the communication net- 
work 2, it is encrypted by the third secret-key Ks3. 

When the data M is copied to the external recording 
medium 12 or transmitted to the tertiary user terminal 6 
via the communlcatbn network 2. the second secret-key 

IS Ks2 and the third secret-key Ks3 in the secondary user 
terminal 5 are disused. In this case, the uncrypted sec- 
ondary user information Iu2 is added to the encrypted 
data Cmks3 stored in the secondary i^r terminal 5, and 
when the encrypted data Cmks3 is transmitted to a ter- 

20 tiary user, the secondary user information Iu2 is also 
transferred. 

In adding each user information to data, there are 
two cases: a case in vt^hich every informatbn is added to 
data whenever it is copied or transmitted; and another in 
25 which tiie history updated whenever the data is copied 
or transmitted is stored in the copyright management 
center. 

A tertiary user who desires tertiary utilization of the 
, encrypted data CmksS copied or transmitted from the 

30 secondary user rm^t designate ori^nal data name or 
number to the copyright management center 17 from a 
tertiary user terminal 6 via the communication network 
2 and also presents the tertiary user infomrtation Iu3 to 
request tor tertiary utilization of tiie data. In tiiis time, the 

35 tertiary user further presents the uncrypted secondary 
user infonmatton Iu2 added to the encrypted data Cmks3 
in ord& to clarify tiie relationship with the secondary 
user. 

The copyright management center 1 7 confirms that 
40 the secondary user has received a regrant of tiie third 
secret-key Ks3 tor preparation of tertiary-utilizing the 
data, in accordance witii the pi-esented secondary user 
Infonmation Iu2 and then, transfers the ttiird secret-key 
Ks3 serving as a decryption key and fburtii secret- 
45 kByKs4 serving as an encryption/decryption key to the 
tertiary user terminal 6 via tiie communication network 2, 
In tiie tertiary user terminal 6 receiving the third 
secret-key Ks3 and the fourth secret-key Ks4, the 
encrypted data CmksS is decrypted using the third 
so secret-key Ks3 by the cqsyright management program P 

M » D(Ks3, Cmks3) 

and is tertiarily utilized such as being displayed or edited. 
55 In tills system, the data M supplied to tiie primary 
user is encrypted by the first secret-key Ksl and tiie data 
M supplied to the secondary user is encrypted by the 
second secret-key Ks2. and ttie data M supplied to tiie 
tertiary user is encrypted by tiie third secret-key Ks3. 
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Therefore, if the tertiary user, instead of the primary 
user, faisely requests for primary utilization to the key 
control center 1 6. the first secret-key Ksl for decryption 
and the second secret-key Ks2 for encayption/decryption 
are transferred to the tertiary user, l-lowever, it is impos- 
sible to decrypt the encrypted data Cmte3 by the first 
secret-key Ks1 transferred as a decryption key. Moreo- 
ver, if the tertiary user, instead of the secondary user, 
falsely requests for secondary utilization to the copyright 
management center 1 7, the second secret-key Ks2 and 
the third secret-key Ks3 are transferred to the tertiary 
user as a decryption key £Uid an encryption/decryption 
key respectively. However, rt Is impossible to decrypt the 
encrypted data CmKs3 by the second s^et-key K82 
transfenred as a decryption key. 

Therefore, it is inrpossible to falsely request for data 
utilization. As a result, not only the original copyright of 
the data but also the copyrights of the primary and sec- 
ondary users on the data are protected. 

The same procedure is applied to quatemary and 
subsequent utilization. 

In the above described system, the database 1 , key 
control center 16, and copyright management center 17 
are s^aarately anang^ However, it is not always nec- 
essary to arrange them separately. It is also pc^Osle to 
set all of or proper two of them integrally. 

Moreover, it is also possible to request for a regrartt 
of the secondary secret-key from the primary user not to 
the key control center 16 tsut to the copyright manage- 
ment center 17. 

In Rgures 7(a) and 7(b}, signal process f bw in 
edit method of digital video or digital audio is shown. An 
edit flow generally processed Is shown in 7(a} and an 
edit flow 7(b) which can avoid deterioration of signals. 

In the ^it flow shown in 7(a), signals supplied as 
digital ^gnals 61 are converted to analog signals 62, the 
analog signals are then edited while being displayed 64, 
and the analog signals conrpleted editing are re-digitized 
65 to be stored, copied, arKi transfenred 66. 

Though this process may be sinple, it can not avoid 
deterioration of signals since signal Is edited in analog 
and re-dlgitiz^ after completion of editing. 

The edit flow shown in 7(b), digital signals 61 are 
converted to analog signals 62 to be displayed. While the 
analog signals 62 are used in editing 63, the analog sig- 
nals are used only for displaying 64 rather than for stor- 
ing, copying, transferring. 

Signals for storage, copy, and transfer are edited 67, 
copied, and transferred 66 in the form of digital signals 
61 con^espond to signals displayed in analog. 

In the case of this edit flow, there istio deterioration 
of signals since digital signals which are stored, copied, 
and trar^erred are never converted to analog signals. 

Rgures 8(a) and 8(b) illi^trate flow exanrples when 
editing encrypted data to which signal process in data 
editing method of digital video or digital audio shown in 
Rgure is applied. 8(a) shows a simplified signal process- 
ing flow and 8(b) shows a signal processing flow which 
allows sufficient copyright management 



In the signal processing flow shown in (a), the orig- 
inal data 71 CmOksl , encrypted using the first secret-key 
Ksl and supplied is initially decrypted 72 using the first 
secret key Ksl : 

5 

MO«D (Ksl.CmOksl), 

BXKa the decrypted data MO is then edited 73 while being 
displayed 74. The data Ml completed editing is re- 
10 encrypted 75 using the second secret key 1^: 

Cm1ks2z3E (Ks2. Ml) 

and stored, cqsied. and transferred 76. 

IS Though the process nay be simple, copyright can 
not be properly nmnaged since there is possibility that 
the decrypted data might be stored, copied, or trans- 
ferred due to the data editing process in decrypted form. 
On the other hand, in the signal processing flow 

so shown in 8(b), the original data 71 CmOksl, encrypted 
using the first secret key Ksl is decrypted 72 using the 
first secret-key Ksl : 

MO=D (J^l. CmOksl) 

the decrypted data MO is displayed 74. 

While, the encrypted data CmOksl is ^ited 73, lead 
by the decrypted data MO, and the onglnal data MO for 
stprage or the edited data Ml are re-encrypted using the 
30 second secret-key: 

Cm0ks2r=E (Ks2, MO) 

Cm1ks2n:E (1^, Ml) 

35 

the encrypted data Cm0ks2 or Cml ks2 is stor^i, copied, 
and transferred 76. 

Without being decrypted conresponding to the 
decrypted and displayed data, it is edited 77 In the 

40 encrypted form, and the edition prc^ram and the data 
still encrypted are used for store, copy, transfer 76. 

In the case of this signal processing flow, the 
decrypted data are never stored, copi^, or transferred 
since the data for storage, copy, transfer remains 

45 encrypted. 

In the data copyright management system which 
applies the data copyright management apparatus of the 
present invention, while data is decrypted for utilization 
when the obtained encrypted data are displayed/edited, 

so data copyright is nonaged by encrypting data when 
obtained or edited data is stored/ccpied/transfen'ed. 

However, the date copyright management unit 15 of 
the prior invention shown in Rgure 2 and the data copy- 
right management unit 30 of the present invention 

55 described in Rgure 3 can perform only one process of 
decryption of encrypted data or encryption of decrypted 
data. When decrypted or edited data is stored/cop- 
ied/transferred, therefore, it is necessary to store data in 
the user terminal or RAM of the data copyright manage- 
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mertt apparatus to re-encrypt the stored data afterwards. 
Thus, there is a possibility that decrypted or edited data 
might be lost due to accident or misoperation as well as 
posing limrtation in volume to the data that can be proc- 
essed. 

With the exception of some high-class MPU general 
MPU used in personal computers does not take into 
account the multiprocessor configuration which allows 
concurrent operation of plural microccmputers. There- 
fore, plural operations can not t>e performed at the same 
time, although accessory units are connected to the sys- 
tem bus of the personal computer. 

Accordingly, to connect the data copyright manage- 
ment unit 1 5 shown in Rgure 2 or the data copyright man- 
agement unit 30 shown in Rgure 3 to the system bus 22 
of the user termir^ 20 ne^er provides multiprocessor 
function that enables concurrent operation of MPU 21 or 
46 and CPU 16, and the processes of decryption of 
encrypts data and re-encryption of decrypted data are 
performed altemately. not concurrently. Thus, a large 
amount of data can not be proc^sed since the data to 
be encrypted and decrypted is limited by the capacity of 
RAM. Further, it is impossilale to increase the processing 
speed, even if the amount of data is not larga 

On the other hand, In the data copyright manage- 
ment system described as the prior application, 
encrypted data obtained is decrypted to use for display- 
ing or editing, and when the obtained or edited date is 
stored, copied, or transferred, it is re-encrypted in order 
to prevent unauthorized utilization of thedata. Therefore, 
it is desirable that the apparatus in the data copyright 
management system of the present invention performs 
not only decryption but also re-encryption of data at the 
same time. 

Recently, a PCI (Peripheral Component Intercorv 
nect) bus has attracted attention as means for imple- 
menting a multiprocessor configuration of typical 
personal computer. 

The PCI bus Is a bus for external connection con- 
nected to a system bus of personal computer via a PCI 
bridge, and allows to Implement a multiprocessor config- 
uration. 

Figure 9 shows embodiment 2 of this invention, 
which is a configuration of data copyright management 
apparatus using a PCI bus and the same configuration 
of data copyright management unit 1 5 as shown in Rg- 
ure 3, that is. a computer configuration having a CPU 16, 
a local bus 17 for the CPU 16. arKl ROM 18, RAM 19. 
and EEPROM 31 connected to the local bus 17. 

In a i^er terminal 20, a PCI bus 81 is connected to 
a system bus 22 for a microprocessor 21 viaa PCI bridge 
82 and the local bus 17f6rtheCPU16ofa data copyright 
management apparatus 80 is connected to the PCI bus 
81 . Also connected to the system bus 22 of the user ter- 
minal 20 are a communications device (COMM) 23 
which receives data from external databases and trans- 
fers data to the external of tire terminal, a CD-ROM drive 
(CDRD) 24 which reads data supplied on CD-ROM a 
flexible disk drive (FDD) 25 which copies rec^ved or 



edited data to supply to the external of terminal, and hard 
disk drive (HDD) 26 used for storing data. COMM 23, 
CDRD 24, FDD 25. and HDD 26 may also be connected 
to the PCI bus 81. 

5 While ROM, RAM etc., of course, are connected to 
the system bus 22 of the user terminal, these are not 
shown in Rgure 9. 

Configurations and operations of other parts are the 
same as enrSsodiment 1 shown in Rgure 3, and further 

10 explanatidh of them will be omitted. 

A decryption task is performed by the MPU 21 of the 
user terminal 20 and an encryption task is perform^ by 
the CPU 16 of the data copyright management appara- 
tus 80 at the same time, and vice versa Since the con- 

15 figuration of the MPU 21 and CPU 1 6 in this embodiment 
is a multiprosessor configuration which performs parallel 
processing with a PCI bus, high processing speed can 
be achieved. 

Other typical means for attaching external devices 
£0 to a personal computer include SCSI (Small Comp>uter 
System Interface), which is used for the connection of 
external storage medium such as hard disk drives and 
CD-ROM drives. 

Up to eight devices^ including the personal computer 
25 itself to which SCSI is attached, can be connected to 
SCSI, and a plurality of computers may be included in 
the eight devices. Each of these corrputers can play an 
equivalent role, in other words, SCSI function as not only 
' an interface but also a multiprocessor bus. 
30 Taking advantage of this function of SCSI, embodi- 
ment 3 connects a data copyright management appara- 
tus 85 to the system bus 22 of a user terminal 20 via 
SCSI 86 (hereinafter called the "SCSI bus", for clear 
understanding) instead of the PCI bus 81 in emtxxJiment 

35 2, 

Rgure 10 shows a configuration block diagrEum of a 
data copyright management apparatus of embodiment 3 
which uses and SCSI bus according to the present inven- 
tion. 

40 In embodiment 3. the configuration of the data cop- 
yright management apparatus 85 is the same as the data 
copyright management apparatus shown in Figure 3, 
that is, the apparatus has a CPU 16, a local bus 17 for 
the CPU 16, and ROM 18, RAM 19, and EEPROM 31 

45 connected to the local bus 1 7. 

On the other hand, an SCSI bus 66, which is con- 
trolled by an SCSI controller (SCSICONT) 87, is con- 
nected to a system bus 22 for a microprocessor 21 of a 
user ternvnal 20, and the local bus 1 7 for the CPU 1 6 of 

so a data copyright management a|:paratus 85 is con- 
nected to this SCSI bus 86. 

Also connected to the system bus 22 of the user ter- 
minal 20 are a communications device (COMI^ 23 
which receives data from external databases and trans- 

55 fers data to the external of the terminal, a CD-ROM drive 
(CDRD) 24 which reads data supplied on CD-ROM, a 
flexible disk drive (FDD) 25 which copies received or 
edited data to supply to the external of temninal, and hard 
disk drive (HDD) 26 used for storing data. COMM 23, 
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?°^°in'J:°° ^ 26 may also be connected 
to the SCSI bus 86. 

While ROM. RAM etc.. of course, are connected to 
the system t«is 22 of the user terminal, these are not 
shown in Rgure 10. 

Configurations and aperaf ions of other parts are the 
same as embodlmnt 1 shown in Figure 3. and further 
explanation of them will be omitted. '"""er 

A decryption task is performed by the MRU 21 of the 
i«8r terminal 20 and a encryption task is performed by 

^ ST- J *^ ^ management appara- 

tus M at the same time, and viceverea Since theren- 
figuration Of the MRU 2 1 and CPU 1 6 in this embodlrnai 
.samultipros^r configuration which pertbrmsparaS 

«,ni?^^- "^J"" implementing a multiprocessor 
^ SCI (Scalable Coherent Inter- 
^e) may be used. and. If possible, the microprocessors 
"^^^^Z^^^'th each other without using a bus 
Oata to be managed by the data copyright manage^ 

^ P-"^*"' includes, 
addrtion to text data, graphic data, conputer program^ 
d-gtel aulio data. jREG-based still pSture ^ 
MPEG-based moving picture. 

n* JJ® above^nentioned multijarocessor configuration 
fjj!.-^- management apparatui 80 <5 

embodiment 2 and the data copyright managemert 
Wratus 85 of embodiment 3 is implementedly «T 
nectingtheapparatustothe system bus 22 of the micro- 
sS^'if T 20 ^« « PCI bToTa 
SCSIbus. In such multiprocessor configuration. thBMRU 
fl»«^ p"^'.^.T^' 2° """^ control the overaB 
i^/ '1?^^ ^ data such as text 
f^„S'^"'*^**^**^^P^9«"«"«9ementwrth 
encwton and re-encryption can be performed by Z 

™ihprocessor configuration using the MRU21 andCRU 
MP^iofSSSI^'!?^«^'^^9'"«"^«^^^ 
date copyright management by such configuratfon Is 
^ada^bly difficult to perform because the Sate te 

Tb deal with this problem, a multiprocessor system 

aaSiST J»""«=«°" « danpyrigfj^"!. 
agemenf apparatus 80 and a second data copyright 
management apparatus 90 to a PCI bus 81 in eJSS 
ment 4 shown in Figure 1 1 . 

The configuration of the second date copyright man- 

date copynght managemert apparatus 80. that is the 

Sii^V T ."^"^ RAM 93. and EERROM 95 con- 
nected to the local bus 94. 

Inthis embodiment the first date copyright manaae- 
m«,tapparatus80decrypts encrypted dateSeSc- 
ond date copynght management apparatus 90 re- 
encrypte decrypted date. •vH«atus «, re 

ha««?fli'^"'^*°"'®"''''^^°**a^e tor utilizing data- 
bases and user date, are stored in the ROM 18 of the 
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first date copyright management apparatus 80 decrvnf- 
^ encrypted date. A first crypt-k^?Sate 
n«n^ement system program supplied l>y a key So 

feinrf ^'"'^ '"tof^ton. such as software for uf - 

So?£« -^^"^ "^"^^^ the ROM 

g of the second.date copyright management apparatus 
90rejncrypt«gdecryp,edda^^ 

system progra^su?! 

Smer^r! 5^ '"^^^ " management 
cemer are stored in the RAM 93. 

In this multiprocessor configuration. SCSI or SCI 
™ybeused.and.lfposslble.themlcroprocessoramffl^ 
'5 beconnectedwitheachotherwithoutusir^rbr^ 

r^^Tte with 
[cSSS ^' co'nmunioations device 

to^S* "^V°°."°>24are«»nnectedtothe8ystem 
busoftf,ei«erterminal20. In orderto decrypt enacted 
date, therefore, the encrypted data must beLSS^ 
by of the system bus of the user terminal 20 SJSe 
to«Ibusofthedatecopyrightmanagemertaw«rat^ 
?SlfT'^r*^''^«P«^»"SsP«edcanSSS^^ 
This IS true for a configuratfon in which those attached 

devices are connected to a PCI bus or SCSI bus. 
In embodiment 5 shown in F^ure 12. a communica- 

!2i"°'^'*":?24areconnecledtoalocalbu8l7of 
««n ■ management apparatus 97 for decryp- 

order to prevent processing speed from 

3s AT^Hl® ''!?„«Wright management apparatus 97 of 
^ embodiment 5 shown in Figure 12 is adate cppyrigW 
TOnagemert apparatus for decryption and itecaSeura^ 
ton « essentally the same ^ of the date^St 

^TTl ^^T^ ^ embodimert 1 stoJilrrin 
ngure 3. that is, the computer system has a CPU 16 a 

TOM 31 connected to the local bus 17. and a communi- 
cation device COMM 23 and a CD-ROM drive CDRD 24 
are connected to the focal bus 17. 

45 nrrJ^^al'^'^ such as a copyrightmanagemert 
S^^'^'/'yP*°9'^P«'a'am based on cry^aigo- 
nthm, and user date, are stored in the ROM 18 

Copynght information is stored in the EERROM 31 
managemert program and cryptography 

^!!'J^'*-® f^'^ ""^«* ^" EEPROM 31. 
rather than in the ROM 18. 

BnJi^'!^^''*^^^"^ copyright man- 
agemert system program supplied from a key control 

5s ^^«;^«Wiohtmanagemertcenterarestoredinthe 

CDRnTi^^ ^"PP"®^ ^ COMM 23 or 
V^ryPted by the date copyright manage- 
mert apparatus 97 and transferred to a user terminal 95. 
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While the above-mentioned data copyright manage- 
ment apparatus 80 and 90 of embodiment 4 are 
described as being configured separately, these appa- 
ratus, of course, can be configured as a unit 

Rgure 13 shows a data copyright management 
apparatus of ennbodiment 6 which Is extended from the 
data copyright management apparatus 97 of embodi- 
ment 5. 

In the prior application shown in Rgure 2 and the 
embodiment 1 descnlsed with reference to Figure 3. the 
- storage moiium. such as HDD 26. for storing re- 
encrypted data are connected to the system bus 22 of 
the user terminal 20. In order to store re-encrypted data, 
therefore, the encrypted data must be transmitted byway 
of the system bus 22 of the user teminal 20 and the local 
bus 1 7 of the data cq?yright management unit 1 5 or data 
copyright management unit 30, and consequentiy. 
processing speed can be slowed This Is true for a con- 
figuration in which those attached devices are connected 
to a PCI bus or SCSI bus. 

In the data copyright management apparatus 100 of 
the embodiment 6 shown in Rgure 13, in addition to the 
communications device COMIW 23 and the CD-ROM 
drive CDRD 24 connected to the local bus 1 7 In the data 
copyright management apparatus 97 for decryption in 
the embodiment 5 shown in Rgure 12. storage devices 
sucfi as HDD 26 for storing re-encrypted data are corv 
nected to the local bus 94 of the data copyright manage- 
ment ai:paratus 101 for re-encryption. 

The configuration of the data copyright management 
apparatus 101 for re-enayption in embodiment 6 is 
essentially the same as that of the data copyright man- 
agement unit 30 shown in Rgure 3, that is, the conputer 
system has a CPU 91 , a local bus 94 for the CPU 91 , 
and ROM 92, RAM 93 and EEPROM 95 connected to 
the local bus 94, and HDD 26 is conn«rted to the local 
bus 94. 

Rxed information, such as a copyright management 
program, cryj^ography program based on crypt algo- 
rithm, and user data, are stored in the ROM 92. 

Copyright Infonttatlon is stored in the EEPROM 95. 
If the copyright management program and cryptography 
program are supplied from the external such as ctota- 
bases. those programs are stored in the EEPROM 95 
rather than the ROM 92. 

A crypt-key for re-encryption and a data copyright 
management system program supplied from a k&y con- 
trol center or copyright management center are stored 
in the RAM 93. 

Data re-encrypted by the copyright management 
apparatus 101 far re-encryption Is stored in HDD 26. 

While the above-mentioned data copyright manage- 
ment apparatus 100 and 101 of embodiment 6 are 
described as being configured separately, tiiese appa- 
ratus, of course, can be configured as a unit 

Digital data includes, in addition to text data, graphic 
data, computer programs, digital sound data. JPEG- 
based still picture data, and MPEG-based moving pic- 
ture data. 



A typical user terminal which utilizes copyrighted 
data is computer apparatus such as personal computers. 
Other apparatus which utilize such data are receivers 
such as television sets, set-top boxes used with those 
5 receivers, digital recording apparatus such as video tape 
recorders, digital video disk recorders, ar^ digital audio 
tapes (DAT) which store digital data, and personal digital 
assistants (PDA), 

The data copyright management apparatus shown 
10 in Rgure 2 which is configured as an expansion board. 
IC card, or PC card and described in the prior patent 
application No. 237673/1 994 or the data copyright man- 
agement apparatus shown in Rgure 6 may be used by 
attaching It to a user terminal which Is a computer, 
IS receiver, set-top box, digital recording maiium, or PDA. 
However, it is desirable that a data copyright manage- 
ment apparatus is factorynnstailed in the user terminal 
in order to eliminate labor and failure during the attach- 
ment of the apparatus, 
w To accompiish this, in each embodiment of the 
present invention, a data copyriglTt management appa- 
ratus is implemented in the form of a monolithic IC, hybrid 
IC, or built-in subboard arid is incorporated in a user ter- 
minal such as conputer apparatiffi such as personal 
25 computers, receivers such as television sets, set-top 
boxes used with tiiose receivers, digital recording 
mecfium such as digital vkJeo tape recorclers. digital 
, video disk recorders, and digital audio tape PAT) which 
' ^ore digital sigrals. or personal digital assistants (PDA). 
30 Further, the apparatus for managing data copyright 
described above can be applied not only to the data uti- 
lization but also to the handling of the digital cash and 
video conference systems. 

The digital cash system which has been prqsosed 
35 SO far is based on a secret-key cryptosystem. The 
encrypted digital cash data is transfen-ed from a bank 
account or a cash service of a credit conrpany, and Is 
stor«j in the IC card so that a terminal device for input/ 
output is used to make a payment. The digital cash sys- 
40 tem which uses this IC card as an electronic cash-box 
can be used at any place such as shops or the like as 
long as the input/ output terminal is installed. However, 
the system cannot be used at pfaces sudi as homes or 
tiie lil^ where no input/output terminal is installed. 
45 Since the digital cash is an encrypts data, any 
device ^ be used as tiie electronic cash-box virhich 
stores digital cash data, in addition to tiie IC card, as long 
as the device can store encrypted data and transmit the 
data to the party to which the payment is made. As a 
so terminal whuch can be specifically used as tiie electronic 
cash-box, there are personal computers, intelligent tele- 
vision sets, portable telephone sets such as personal 
information terminal, personal handyphone system 
(PHS), intelligent tel^hone sets, and PC cards or tiie 
55 like which has an Input/ output funcfa'on. . 

Trades in which such terminals are us^ as an elec- 
tronic cash-box for a digital cash can be actualized by 
repladng in tiie constitution of tiie data copyright man- 
agement system, the database with a customer's bank, 
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a first user terminal with a customer, the second user 
terminal with a retailer, the copyright control center with 
a retailer's bank and a third user terminal with a whole- 
saler or a maker. 

An example of the trading system will be explained 
in which the digital cash is transferred via a communica- 
tion network by using Figure 14. 

The example uses the constitution of the data cop- 
yright management system shown in Rgure 1 . In Rgure 
14, reference numeral 111 represents a customer. 112 
a bank of the customer 111.113a retail shop, 114a bank 
of the retail shop 113, 115 a maker. 116 a bank of the 
maker 1 15, 2 a conumjnlcation network such as a public 
line provided by a communication enterprise or CATV 
line provided t>y a catde television enterprise. Customer 
111, the customer's bank 112, the retail shop 113, the 
retail shop's bank 1 14. the maker 1 15, the maker's bank 
116 can be mutually connected with the comnrunication 
network 2. In tHs system, the customer 111 can use a 
credit company offering cashing service ottier than 
banks and he can also irrterpose appropriate number of 
wholesalers between the retail shop and the mak^. 

In addition. 117 and 1 18 are either IC cards or PC 
cards in which digital cash data is stored. The cards are 
used when the communication network is not used. 

Incidentally, in Figure 14, what is represented tsy a 
broken line is a path of encrypted digital cash data, what 
is represented by the solid line Is a path of requests from 
the oistomer, the retail shop or the maker, artd what is 
represented by a one-dot chain line Is a path of the 
secret-key from each bank. 

in this exanrple. first secret-key prepared by the cus- 
tomer's bank 112, the second secret-key generated by 
the customer, the third secret-key generated by the retail 
shop, and the fourth secret-key prepared by the maker 
are used as crypt keys. 

Further, while the customer's k>ank 112, the retail 
shop's bank 114, and the maker's bank 116 are 
explained as separate entities, these can be conadered 
as a rmandal system as a whole. 

Digital cash management program P for encrypting 
and decrypting the digital cash data is ii^-eliminarily dis- 
tributed to the customer 111 and Is stored in the user 
terminal. Further, it is possit>le to transfer the digital cash 
management program P together with data every lime 
trade with the k^ank is executed. Further, it is desirable to 
install the common digital cash management program P 
in all banks. 

The customer 111 uses the user terminal to desig- 
nate the anrount of money via the communication net- 
work 2 to request drawing out from the account of the 
customer's bank 1 12 to the bank. At this time, the termi- 
nal presents customer information Ic of the customer 
111. 

The customer's bank 112 which receives the cus- 
tomer's request of drawing out from the account selects 
or generates the first secret-key Ksl so that the digital 
cash data MO of the amount is encrypted by the first 
secret-key K&1: 



CmOks1^E(Ks1, MO) 

and the encrypted digital cash data CmOksl and the first 
secret-key Ksl for a decrypting key are transferred to the 

s customer 111. and the customer Information Ic and the 
first secret-key Ksl are stored. 

In this caa^, the first secret-key Ksl can be selected 
from what is preliminarily prepared t>y the customer's 
bank 1 1 2. and also may be generated by presentation of 

10 the customer information Ic at the time of drawing by the 
customer using the digital cash management program P 
on the basis of the customer information \c: 

Ks1»P(lc). 

IS 

Through this means, the first seaet-key Ksl can be 
private for the customer 1 11. At the same time, it not 
necessary to transfer the first secret-key Ksl to the cus- 
tomer 1 1 1 so that the safety of the system can be height- 
20 ened. 

Furtha*, the first s^ret-key Ksl can be generated 
on the basis of the bank Information lbs of the customer's 
bank 1 1 2 or on the baste of the bank information lbs and 
the date of key generation. 

25 The customer 1 1 1 to which the encrypted digital 
cash data CmOksl andthefirstsecret-keyKsl aretrans- 
fenred generates second secret-key Ks2 according to 
any one or both of the customer information Ic and the 
' first secret-key Ksl using the digital cash management 

30 program P, for example: 

Ks2=P(lc) 

and the generate second secret-key Ks2 is stored in the 
35 userternrdnal. 

Further, the customer 111 uses the first secret-key 
Ks1 to decrypt the enaypted digital cash data CmOksl 
witii the digital cash management program P: 

40 MO»D(Ks1, CmOksl) 

and the content Is confirmed. When the decrypted digital 
cash data MO whose content is confirmed is stored In 
the user terminal as a cash-box, it is encrypted by the 
45 generate secorxl secret-key KsZ using the digital cash 
management program P: 

CmOKs2«E(Ks2. MO). 

so The first secret-key Ksl Is disused at this time. 

The customer 111 who wishes to buy an article from 
the retail shop 1 13 decrypts the encrypted digital cash 
data CmOks2 which is stored in the user terminal as a 
cash-box by the digital cash management program P 

55 using the second secret-key Ks2: 

M0=D(Ks2, CmOks2) 
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and the digital cash data M1 which corresponds to the 
necessary amount of money is encrypted by the second 
secret-l<ey ks2 using the digital cash management pro- 
gram P: 

Cm1k52BE(Ks2. Ml) 

and then, the payment is made by transmitting the 
encrypted digrtaf cash data Cm1 ks2 to the user terminal 
as a cash-box of retail shop 113 via the communication 
-network 2. 

At this time, the customer information Ic Is also trans- 
mitted to the user terminal of the retail shop 1 13. 

Further, the residual amount digital cash data ^/l2 is 
encrypted by the second secret-key K&2 using the digital 
cash nnanagement program P: 

Cm2ks2i=E(Ks2, M2) 

and stored in the user termir^ of the customer 111. 

Hie retail shop 113 to which the encrypted digital 
cash data Cm1ks2 and the customer information Ic are 
transfenred stores the transfen*ed encrypted digital cash 
data Cm1ks2 and customer tnfbrmation Ic in the user ter- 
minal, and presents the customer information Ic to the 
retail shop's bank 1 14 via the comnuinication network 2 
for confirming the content to requ^ the transmission of 
the second secret-key Ks2 for decription. 

The retail shop's bank 1 1 4 which is requested by the 
retail shop 1 13 to transmit the second secret-key Ks2 
transmits the request of the transnrassion of the second 
secret-key Ks2 and the customer information Ic to the 
customer's bank 1 12. 

The customer's bank 1 12 which is requested to 
transmit the s^nd secret-)^ Ks2 from the retail shop's 
bank 1 14 generates the second secret-key Ks2 accord- 
ing to the customer information Ic by the digital cash 
management program P in the case where the second 
secret-k^ Ks2 is based only on the customer infbmna- 
tion Ic, or generate the second seaet-key Ks2 accord- 
ing to the customer Information Ic and the first secret-key 
Ks1 by the digital cash managment program P In the 
case where the second secret-key Ks2 is based on the 
customer information Ic and the first secret-key f^1 , and 
transmits the generated second secret-key Ks2 to the 
retail shop's t>ank 114. 

The r^1 shop's bank 114 to which the second 
secret-key Ks2 is transmitted from the customer's bank 
1 12 transmite the second secret-key Kg2 to the retail 
shop 1 1 3 via the communication network 2. 

The retail shop 1 13 to which thia second secret-key 
Ks2 is transferred decrypts the encrypted digital cash 
data Cm1ks2 by the second secret-key Ks2 using the 
digital cash management program P: 

M1=D(Ks2, Cm1ks2) 

and after osnfirming the amount of money, fonnards the 
article to the customer 111. 



Incidentally, in this case, the retail shop 111 can 
directly requests the transfer of the second secret-key 
Ks2 to the customer's bank 112 instead of the retail 
shop's bank 114. 

In case where the digital cash received by the retail 
shop 1 13 is deposited in the account of the retail shop's 
bank 1 14, the customer information Ic is transferred to 
the retail shop's bank 114 together with the encrypted 
digital c^ data Cml ks2 via the communication network 
2. 

The retail shop's bank 114 to which the encrypted 
digital cash data Cml ks2 and the customer information 
Ic are transfen-ed requests the transfer of the second 
secret-key Ks2 to the customer^ bank 1 12 by transmit- 
ting the customer information Ic. 

The customer's ksarik 112, which is requested to 
transfer the second secret-key K82 from the retail shop's 
bank 1 14, generates the second secret-key Ks2 accord- 
ing to the customer's information Ic by the digital cash 
management program P when the second secr^-key 
K82 is only based on the customer's infbmnation Ic, or 
generates the second secret-key Ks2 according to the 
customer's Information Ic and the first secret-kay Ksl by 
the digital cash management program P when the eec- 
and secret-key Ks2 is based on the customer's inforrrm- 
tion Ic and the first secret-key iCsl. then the generated 
second secret-key Ks2 is transferred to the retail shop's 
bank 114. 

The retaD shop's bank 114, to which the second 
secret-key Ks2 is transfen-ed from the oistomer's bank 
112. decrypts the encrypts digital cash data Cm1ks2 
by the second secret-key Ks2 u^ng thedigital cash man- 
agement program P: 

M1bD(Ks2, Cm1ks2) 

and the decrypted digital cash data Ml is deposited in 
the bank account of the retail shop's bank 114. 

In the general trade system, the retail shop 113 
stocks products from the maker 1 15 or from the whole- 
saler which intervenes between the retail shop 113 artd 
the maker 115. Then the retail ^op 1 13 sells the prod- 
ucts to the customer 111. Consequently, a trading form 
is present between the customer 111 ard the retail shop 
1 13 just as between the retail shop 113 and the rrtaker 
115. 

The handling of the digital cash between the retail 
^op 113 artd the maker 115 is not basically different 
from the handling of the digital cash which is carried out 
between the customer 111 and the retail shop 113. 
Therefore, the explanatbn there will be omitted for the 
sake of clarity. 

In this digital cash system, the digital cash is handled 
through banks. As information such as the proc^sed 
amount of the digital cash, date, and the secret-key 
demanding party information with respect to ^e handling 
of the digital cash is stored in the customer's bank, the 
residual amount of digital cash and usage history can be 
grasped 
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Even in the case where the user terminal which is 
an electronic cash-box storing the digital cash data can- 
not be used owing to the loss or the breakage, it is pos- 
sible to reissue the digital cash on ^e basis of the 
residual amount, and usage history in the cus- 
tomer's bank. 

It is desirable to add a digital signature to the digital 
cash data for heighten the safety of the digital ca^. 

In this example, digital cash is added by the cus- 
tomer's irrfornrmtion which may be accompanied by dig- 
ital signature. Therefore, the digital cash in the example 
can also have a function of settlement system for 
checques drawn by o^tomers. 

Also this system can be applicable to various sys- 
tems in the international trading such as payment settle- 
ment of inport^export by a negotiation by a draft using a 
letter of credit and a bni of lading which have been exe- 
cuted by documents. 

In the video conference system, a telonsion picture 
has been added to the conventional voice tel^hone set 
Recently the video conference system is advanced in 
which a conputer system is incorporated in the video 
conference system so that the quality of the voice and 
the picture are improved, and data can be handled at the 
same time as well as the voice and the picture. 

Under these circumstances, security against the vio- 
lation of the user's privacy and the data leakage due to 
eavesdropping by persons other than the participants of 
the conference are protects by the cryptosystem using 
a secret-key. 

However, since the conference content obtained by 
the participants themselves are decrypts, in the case 
where partidpants themselves store the content of the 
conference and sometimes edit the content and further, 
use for secondary usage such as distribution to the per- 
60 ns other than the partidpants of the conference, the 
privacy of other participants of the video conference and 
data security remains unprotected. 

In particular, the conrpression technology of the 
transntisslon data is advanced while the volume of the 
data storage medium is advanced with the result that the 
possibility is getting more and more realistic that aD the 
content of the video conference is copied to the data stor- 
age medium or is transmitted via a network. 

In view of the circumstances, the exanple is 
intended, when video conference participants perform 
secondary use, to secure the privacy of other partici- 
pants and data security by using the aforementioned 
constitution of the data copyright management system 

This video conference data management system 
can be actualized, for example, by replacing the data- 
base in the data copyright management system consti- 
tution shown in Rgure 1 with a participant of the video 
conference, the first user terminal with another partici- 
pant of the video conference, and the second user ter- 
minal with non-participant of the video conference. 

An example when utilizing will be explained by using 
Rgure 15. 



Referring to Figure 15, reference numeral 121 rep- 
resents a participant as a host of the video conference, 
1 22 a participant of the video conference as a guest. 1 23 
a non-particrpant of the video conference as a user. 124 

5 a non-participant of the video conference as another 
user, 2 a communication network such as a public tele- 
phone line provided by the communication enterprise 
and a CA teld^ision line provided kjy the cable television 
enterprise or the like. The participant 121 of the video 

10 conference is connected to the participant 122 of tiie 
video conference via the communication network 2. Fur- 
ther, the participant 122 of the video conference can be 
connected to the non-partidpant 123 of the video con- 
ference, and the non-participant 123 of the video confer- 

f 5 ence to the non-partidpant 1 24 of the video conference, 
via the communication network 2. Reference numeral 
125 and 126 represent a data recorcSng medium. 

Referring to Rgure 15. what is represented t^y the 
broken line is a path of the encrypts video conference 

20 content represemed by the solid line is a path requesting 
the crypt key from the non-partidpants of the video con- 
ference 123 arid 124 to the partidpant of the television 
conference 121. and represented by the one-dot chain 
line is a path of crypt keys from tiie partidpant of the 

25 video conference 1 21 to the participant of the video con- 
ference 122 and the non-participants of the video con- 
ference 123 and 124. 

In this example, a video conference data manage- 
' ment system is describe here only the protection for 

30 data security and privacy in case of the video conference 
partidpant 121 to amplify tiie explanation, however, it is 
of course, possible to protect for data security and pri- 
vacy of the vid^ conference partidpant 122. 

A video conference data management program P for 

3s encryption/decryption of the video conference data of 
the partidpant 121 induding audio and picture is previ- 
ously distribute to the video conference partidpant 1 22 
arvJ the video conference non-participants 123 and 124, 
and is 6tor«i in each terminal. This video conference 

40 data nrtanagement program P may be transfen-ed when- 
ever a crypt-key is transfen-ed. 

In this example, further, a first secret-key prepared 
by the video conference partidpant 121. a second 
secret-key pr^ared by the vid^ conference participant 

45 1 22, a third secret-key prepared by the vkieo conference 
non-partidpant 123 ami si^sequent secret-keys pre- 
pared similariy are i^ed as a crypt key. 

The video conference participant 121 and the video 
conference participant 1 22 perform the video conference 

so by transnrutting audio, picture and data (referred to as 
video conference data on the whoie) each otiier. using 
each terminal via communication network 2. Before tiie 
video conference, the video conf^ence participant 121 
generate or selects the first secret-k^ Ksl to transfer 

£5 to the video conference participant 1 22 prior to tiie start 
of the video conference. 

The video conference participant 122 receiving tiie 
first seaet-key Ksl generates the second secret-key 
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K52 by the first seaet-key Ksl using the video confer- 
ence data management program P: 

Ks2«P(Ks1). 

The generated second secret-key Ks2 is stored in 
the terminal. 

The video conference partidpant 121 encrypts the 
video conference data MO with the first secret-key Ks1, 
in the video conference through the communication net- 
work 2: 

CmOk5ls=E(K8l,MO} 

and transfers the encrypted video conference data 
CmOksl to the video (X)nf erence participant 122. 

The video conference participant 122 who receives 
the videoconferencedata CmOksl encrypted by thefirst 
secret-key K&1 decrypts the video conference data 
CmOksl by the first secret-key Ksl : 

M0«D(ks1, CmOksl) 

and uses decrypted video conference data MO. 

Purser, the second seo'et-key K52 is generate 
based on the first secret-key Ksl with the video confer- 
ence data management program P: 

Ks2=P(Ks1). 

In the case where ^e decrypted video conference 
data MO is stored in the ternrnnal of the participant 122 
of the video conference, copied to the data record 
medium 125, or transfenred to the non-participant of the 
video conference via the communication network 2, the 
data M is encrypted by the second secret-key Ks2 using 
the video conference data management program P: 

Cmks2sE(Ks2, M). 

The encrypted data Cmks2 is celled to the record 
medium 125 or suppli^ to the non-partidpant of the 
video conference via the communication network 2, 
together with the video conference data nanrre or the 
video conference data nun^er. 

The non-partidpant of the video conference 123 
who obtains the encrypted data CniKs2 requests to the 
partidpant 121 for the secondary use of the video con- 
ference data M from the terminal by specifying the name 
or number of the video conference data. 

The partidpant 121 of the video conference who 
receives the request for the second use of the data M 
finds out the first secret-key 1^1 according to the name 
or the number of the video conference data name or 
number to generate the second secret-key Ks2 based 
on the first secret-key Ksl : 

Ks2=P{Ks1) 



and supplies the generated second secret-key Ks2 to the 
non-partidpant of the video conference 123. 

The non-partic^ant of video conference 123 who 
receives the second secret-key Ks2 decrypts the 
5 encrypted data Cmks2 lay the second secret-key Ks2 by 
using the television conference data management pro- 
gram P: . 

* " MbD{Ks2, Cmks2) 

10 

and then, uses decrypted video conference data M. 

In the case where the video conference data M is 
stored In the terminal of non-partidpant of the video 
conference 123, copied to the record medium 126, or 
IS transmitted to the non-participant of the video confer- 
ence 124, the video coriference data M is encrypted by 
the second secret-key Ks2 leing the video conference 
data management program P : 

so Cmks2-E(Ks2. M). 

Inddentally, the third secret-key KsS be gener- 
ated on the basis of the second secret-key i<s2 with the 
video conference data management program P: 

25 

l^=P(Ks2), 

, and the data M can be encrypted with the video confer- 
' ence data management program P by this generated 
30 third sra-et-key Ks3: 

Cmks3=E(Ks3. M). 

Claims 

35 

1 . A data copyrigfit nanagement apparatus us^ with 
a Lser terminal for utilizihg digital data. 

said digital copyright management apparatus 
compri^ng a central processing unit, a central 
40 processing unit bus, read-only semiconductor mem- 
ory, electrically erasat3)e programmable memory, 
and read/Write memory; 
wherein, 

said central processing unit saki read-only 
45 semiconductor memory, said electrically erasable 
programmalafe memory, and read/Write memory are 
connected to said central processing unit bus. and 
a system bus of said user terminal is able to be con- 
nected to said central processing unit bus; 
so a data copyright management system pro- 

gram, a copyright management program, and user 
information are stored in said read-only semicon- 
ductor memory; 

a second prh/ate-key. a penult key, a second 
ss secret-k^y, a copyright management program, and 
copyright information are stor^ in said electrically 
erasable programmable memory; and 

a first public-key. a first private-key, a second 
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public-key. and a first crypt-key are transmitted to 
said readAA/rite memory during operation. 

2. A data copyrigtii management apparatus used wrtti 

a user terminal for utilizing digital data. s 

said data copyright management apparatus 
comprising a central processing unit a central 
processing unit bus, read-only semiconductor mem- 
ory, electrically erasable programmable memory, 
and read/write memory; io 
wherein, 

said central processing unit, said read-only 
semiconductor memory, said electrically erasat^e 
programmable memory. arKi said read^te mem- 
ory are connected to said central processing unit is 
bus, and a system bus of said user terminal is able 
to be connected to said central processing unit bus; 

a data copyrigtit management system pro- 
gram, a copyright management program, crypt algo- 
rithm, and user infbrnration are stored In said read- so 
only semiconductor memory; 

a secorrd private-key, a permit key, a secorrd 
secret-key, and copyright information are stored in 
said electrically erasat)le programmatsle memory; 
and 25 

a first piiblic-key, a first private-key, a second 
put>lic-key, and a first crypt-key are transmotted to 
said read/write memory during operatioa 

3. The data copyright management apparatus accord- 30 
ing to Claim 1 or 2, whnch is configured in the form 

of air IC. 



8. A data copyright management apparatus used in a 
user terminal for decrypting encrypted data to dis- 
play or edit said data and for re-encrypting decrypted 
data to store, copy, or transfer said data; 

said data copyright management apparatus 
comprising a first nruaoprocessor and a second 
nvcroprocessor; 

wfierein, a f ir^ computer comprising a first 
beat bus connected to said first microprocessor, and 
first read-only semiconductor memory arid first 
readAwite memory connected to said first local bus; 
and, 

a second corrputer comprising a second 
bcal bus connected to said second microprocessor, 
and second read-only semiconductor memory and 
second readAvrite memory connected said second 
bcal bus are configured; 

wheret>y, said first nrucroprocessor decrypts 
mcrypted data, and 

said second microprocessor re-encrypts 
decrypted data. 



4. The data copyright management apparatus accord- 
ing to Claim 1 or 2. which is configured in the form ss 
of an IC card. 

5. The data copyright management apparatus accord- 
ing to Claim 1 or 2, whddi is configured in the fbrm 

of a PC card. 40 

6. The data copyright management apparatus accord- 
ing to Claim 1 or 2, wNch configured in the fbrm 
of an insertion board. 

45 

7. A data copyright management apparatis used in a 
user terminal for decrypting encrypted data to dis- 
play or ecGt said data and for re-enoypting decrypts 
data to store, copy, or transfer said data; 

wherein, a connputar comprising a microproc- so 
essor. a local bus connected to said microprocessor, 
read-only semiconductor memory and readAnrrite 
memory connected to SEiid local bus is configured; 

whereby, one of the microprocessor of said 
user terminal and the microprocessor of said data ss 
copyright management apparatus performs decryp- 
tion and the a\h&r performs re-encryption. 
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(54) Apparatus for data copyright management system 



(57) A data copyright management apparatus is 
used with a user terminal and comprises a CPU, a CPU 
bus, ROM. EEPROM, and RAM. 

The CPU, ITOM, EPROM. ard RAM are connected 
to the CPU bus, arui a system bus of a device which uti- 
lizes the data can be connected to the CPU bus. A data 
copyright management system program, a crypt algo- 
rithm, and vser information are stored in the ROM. and 
a second private-key, a permit key, a second secret-key, 
and copyright information are stored in the EEPROM. A 
first piAalic-key, a first private-key, a second public-key, 
and a first secret-key are transmitted to the RAM during 
the operation. The data copyright management appara- 
tus may be configured in form of a monolithic or 
hybrki IC, a thin IC card. PC card, or an expansion 
board. If the copyright management program is pro- 
vided from the outside, then it is stor^ in the EEPROM. 
othenvise it is stored in ROM. 

In addition to a microprocessor in the user terminal 
which decrypts encrypted data for displaying ard 
processing purposes and re-encrypts the decrypts 
data for storing, copying, or transfening purposes, at 
least one other microprocessor, desirably two other 
microprocessors, are added for deovpting and re- 
encryjating data. The microprocessors to be added may 
be connected to the system bus of the microprocessor 
of the user terminal. However, to allow concurrent 
microprocessor operation it is desirable ttiat the multi- 
processor configuration is implemented by using a 
SCSI bus, PCI bus. or SCI bus. The data copyright man- 
agement apparatus may be implemented in the form of 



a monolithic IC. a hybrid IC, or a built-in subboard, and 
the apparatus in these fornre is incorporated in a com- 
puter, television set, set-top box. digital video tape 
recorder, digital video disk recorder, digital audio tape 
appaiBtus. or personal digital assistarrts. and the like. 
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